Supply authentication via timing challenge response

ABSTRACT

In an example implementation, a print supply cartridge comprises a microcontroller to receive a timing challenge and enable authentication of the cartridge by providing a challenge response. The challenge response is provided in a challenge response time that falls within an expected time window.

BACKGROUND

Many systems have replaceable components that are integral to thefunctioning of the system. The replaceable components are often devicesthat contain consumable material that is depleted with each use of thesystem. Such systems may include, for example, cell phones that usereplaceable batteries, medical systems that dispense medicine fromreplaceable supply devices, printing systems that dispense fluids (e.g.,ink) or toners from replaceable supply cartridges, and so on. Verifyingthat a replaceable supply device is an authentic device from alegitimate manufacturer can help a system user avoid problems associatedwith the unintended use of a defective and/or counterfeit device.

BRIEF DESCRIPTION OF THE DRAWINGS

The present embodiments will now be described, by way of example, withreference to the accompanying drawings, in which:

FIG. 1 shows a box diagram illustrating components of an example,generic authentication system suitable for authenticating a replaceablesupply device:

FIG. 2 shows an example of characterization data stored on a replaceablesupply device;

FIG. 3 shows an example of an authentication system embodied as aninkjet printing system;

FIG. 4 shows a perspective view of an example inkjet print supplycartridge;

FIG. 5 shows a flow diagram of an example supply authentication process.

Throughout the drawings, identical reference numbers designate similar,but not necessarily identical, elements.

DETAILED DESCRIPTION Overview

As noted above, verifying the authenticity of replaceable supply devicesfor use in certain systems can help system users avoid problemsassociated with the unintended use of defective and/or counterfeitdevices. For example, in printing systems that employ consumable toneror ink cartridges, inadvertently replacing the cartridges withcounterfeit cartridges can result in various problems ranging from poorquality printouts to leaky cartridges that can damage the printingsystem.

Prior methods of authenticating a replaceable device have includedemploying strong authentication that involves the use of a secret keyknown to a smart card or secure microcontroller on the replaceabledevice (e.g., consumable ink/toner cartridge) and the host device (e.g.,printer). If the replaceable device can provide a response to achallenge issued by the host that proves it contains an appropriate key,the host will deduce that the device is of original manufacture, andthen authenticate the device. One weakness with this method ofauthentication is that it relies on the ability of the system topreserve the secret key. If an attacker can recover a key or keys fromeither the host or the replaceable device, it can store the stolenkey(s) in a smart card or microcontroller, enabling it to then createreplaceable devices that will respond to challenges as if those deviceswere authentic devices from the original manufacturer. Typically, oncethe key(s) is compromised, the challenge response and otherfunctionality of a non-authentic (i.e., counterfeit) replaceable devicecan be simulated with firmware running on an inexpensive, standardmicrocontroller.

Authentication systems and supply authentication processes are disclosedherein that provide for robust authentication of replaceable systemdevices, in general, through a timing challenge response. A host, suchas a printer, issues a cryptographic timing challenge to a securemicrocontroller affixed to a replaceable device, such as a consumableink or toner cartridge. The challenge requests that the consumabledevice (i.e., the microcontroller on the consumable device) perform anumber of mathematical operations based on data supplied by thehost/printer. The printer monitors the amount of time it takes for theconsumable device to complete the task, and independently verifies theresponse provided by the device. If the response and the time elapsedwhile computing the response both meet the expectations of the printer,the printer will conclude that the device is an authentic device. Ifeither the response, or the time elapsed while computing the response(or both), does not meet the expectations of the printer, the printerwill conclude that the device is not an authentic device.

The mathematical operations from the challenge are performed within themicrocontroller of the consumable device by dedicated hardware logicspecifically designed for such operations. The dedicated logic iscapable of achieving the challenge response by performing themathematical calculations significantly faster than could otherwise beachieved by a standard microcontroller executing firmware. Thus, anon-authentic/counterfeit replaceable device in which a microcontrollercontains stolen key(s), may be capable of achieving a correct challengeresponse. However, such a counterfeit device is not capable of achievingthe challenge response within a time frame expected by the host device.

In an example implementation, a print supply cartridge includes amicrocontroller to receive a timing challenge and enable authenticationof the cartridge by providing a challenge response in a challengeresponse time that falls within an expected time window. In anotherimplementation, the cartridge further includes dedicated hardware logicon the microcontroller to perform a mathematical calculation in responseto the timing challenge. Performing the mathematical calculation yieldsthe challenge response within the expected time window.

In another example implementation, a replaceable supply device includesa microcontroller. The microcontroller is to derive a session key with ahost device, and to receive a time-dependent challenge from the hostdevice that specifies a random seed, the session key, and a calculationcycle. The replaceable device further includes dedicated logic withinthe microcontroller to perform a challenge calculation a number of timesequal to the calculation cycle, wherein a first calculation uses therandom seed and session key to produce an output, and each subsequentcalculation uses an output of a preceding calculation.

In another example implementation, an authentication system includes ahost device, a controller integrated into the host device, and anauthentication algorithm executable on the controller to issue acryptographic timing challenge and to authenticate the supply devicewhen the supply device provides a challenge response in a challengeresponse time that falls within an expected time window.

In another example implementation, an authentication system includes aprinter that has a controller and a memory. The authentication systemalso includes an authentication algorithm stored in the memory andexecutable on the controller to issue a cryptographic timing challengeand to authenticate a print supply cartridge when the cartridge providesa challenge response corresponding to an expected response within anexpected time window.

In another example implementation, a non-transitory processor-readablemedium stores code representing instructions that when executed by aprocessor cause the processor to recognize a supply device, and issue acryptographic timing challenge to the supply device. The timingchallenge requests a mathematical calculation to be performed on datathat includes a session key, a random seed, and a calculation count. Theinstructions further cause the processor to receive a challenge responsein a challenge response time from the supply device, and to authenticatethe supply device when the challenge response matches an expectedresponse and the challenge response time falls within an expected timewindow.

Example Implementations

FIG. 1 shows a box diagram illustrating components of an example,generic authentication system 100 suitable for authenticating areplaceable supply device. The authentication system 100 includes a hostdevice 102 and a replaceable supply device 104. The host device 102comprises a controller 106 that typically includes components of astandard computing system such as a processor (CPU) 108, a memory 110,firmware, and other electronics for controlling the general functions ofthe authentication system 100 and for communicating with and controllingsupply device 104. Memory 110 can include both volatile (i.e., RAM) andnonvolatile (e.g., ROM, hard disk, floppy disk, CD-ROM, etc.) memorycomponents comprising non-transitory computer/processor-readable mediathat provide for the storage of computer/processor-readable codedinstructions and/or data in the form of algorithms, program modules,data structures, JDF, and so on. Supply device 104 comprises amicrocontroller 112 (i.e., a smart card) that also includes a processor(CPU) 114 and a memory 116.

In general, upon power up of the host device 102, the host device 102and supply device 104 establish secure communications through standardcryptographic techniques using standard cryptographic algorithms 118.For example, executing a cryptographic algorithm 118 (i.e., on processor108), host device 102 can request the unique ID 120 of the supply device104 and determine the device's “base key” 122 through a cryptographicrelation. Using the base key 122, the host device and supply device canderive a secret “session key” 124 enabling secure communication for acurrent communication exchange. The host device 102 determines the basekey 122 in this manner each time it is powered up, and each time a newsupply device 104 is installed. The base key 122 remains the same anddoes not change. However, a new and different session key 124 is derivedeach time a communication exchange is made between the host device 102and supply device 104.

In one implementation, memory 110 includes an authentication algorithm126 executable on processor 108 of controller 106 to determine theauthenticity of the replaceable supply device 104. The supply device 104is determined to be authentic when it responds correctly to acryptographic timing challenge 128 issued by the authenticationalgorithm 126, and when its response 130 to the challenge is completedwithin an expected window of time. Thus, a supply device 104 whosechallenge response 130 value is correct, but whose challenge responsetime 131 does not fall within an expected window of time, is determinedto not be authentic. Likewise, a supply device 104 whose challengeresponse time 131 falls within an expected window of time but whosechallenge response 130 value is incorrect, is determined to not beauthentic. The authenticity of the supply device 104, therefore, dependson it providing a correct response 130 to a cryptographic timingchallenge 128 in a challenge response time 131 (i.e., the time it takesto provide the response 130) that falls within an expected window oftime.

The cryptographic timing challenge 128 issued by the authenticationalgorithm 126 on host device 102 comprises a request to perform aspecific mathematical calculation incorporating certain challengeparameters. The mathematical calculation is to be performed a particularnumber of times. The cryptographic timing challenge 128 includes or isaccompanied by these challenge parameters, which include the derivedsession key, a random seed number generated on the host device 102 bycontroller 106, and a calculation count or cycle that indicates thenumber of times the calculation is to be performed. The mathematicalcalculation uses the session key and begins with an operation on therandom seed number. The result or output of each calculation isrepeatedly fed back into the next calculation until the calculationcount has been reached. The last result or output of the mathematicalcalculation provides the challenge response 130, which will have beenachieved or calculated in a particular challenge response time 131. Thechallenge response time 131 is measured by the authentication algorithm126, for example, by starting a timing sequence when the challenge isissued, and stopping the timing sequence once the supply device 104completes and returns the challenge response 130 to the host device 102.The challenge response time 131 is a temporary value that in someimplementations may reside briefly on the host device 102 in a volatilecomponent of memory 110 and/or within processor 108 prior to or during acomparison to a time window determined by the host. The authenticationalgorithm 126 on host 102 determines whether or not the challengeresponse 130 and the challenge response time 131 are correct (i.e.,expected), and then authenticates the supply device 104 accordingly.

Referring still to FIG. 1, microcontroller 112 on supply device 104comprises dedicated hardware challenge logic 132 for performing themathematical calculation from a cryptographic timing challenge 128. Thededicated challenge logic 132 is specifically designed and fabricated onmicrocontroller 112 to optimally perform the particular mathematicalcalculation. In one example implementation, the mathematical calculationcomprises a basic function that defines a sequence of operationsoptimized to run very fast in the dedicated logic 132. The mathematicalcalculation, or function, is iterated many times with the output of eachiteration being part of the input to the next iteration. Thus, while oneor more operands change with each iteration of the mathematicalcalculation, the mathematical calculation itself does not change. Inaddition, the challenge parameter values accompanying the timingchallenge 128 may change with each timing challenge 128. Each timingchallenge 128 issued by the authentication algorithm 126 to the supplydevice 104 may have different values for the session key, the randomseed number generated on the host device 102 by controller 106, and thecalculation count or cycle. Accordingly, for each timing challenge 128,the challenge response 130 and challenge response time 131 aredetermined by the challenge parameter values. More specifically, thesession key, random seed, and calculation count all affect the challengeresponse value 130, while the calculation count also affects thechallenge response time 131 by varying the number of iterations of themathematical calculation through the dedicated challenge logic 132.

As noted above, the authentication algorithm 126 determines whether thechallenge response 130 and the challenge response time 131, are corrector expected. This is done by comparing the challenge response 130 andresponse time 131 with correct or expected values. In differentimplementations, the algorithm 126 determines correct or expected valuesin different ways. In one implementation, for example, the algorithm 126retrieves and accesses characterization data 134 stored on the supplydevice 104. The characterization data 134 can be secured with a digitalsignature and verified using standard cryptographic operations. Thecharacterization data 134 provides expected time windows into which achallenge response time 131 should fall depending on the calculationcount provided with the timing challenge 128. Thus, in one example asshown in FIG. 2, the characterization data 134 can include a table ofdata that associates different calculation count values with differenttime windows. By way of example only, such an association might indicatethat for a calculation count of 10,000 (i.e., where the mathematicalcalculation is to be performed 10,000 times), the challenge responsetime 131 is expected to fall within a time window of 50-55 milliseconds.In another example, the characterization data 134 might be providedthrough a mathematical relation such as the slope-intercept formula,y=mx+b. Thus, for a given calculation count value, x, an expected time,y, can be determined. A time window can then be determined by theauthentication algorithm 126 on host 102, for example, by using theexpected time y, +/−5%.

In another example implementation, the authentication algorithm 126determines correct or expected values for the challenge response 130 byissuing the cryptographic timing challenge 128 to dedicated referencelogic 136 on the host device controller 106. The reference logic 136 oncontroller 106 mirrors the dedicated hardware logic 132 on the supplydevice 104, and is therefore specifically designed and fabricated oncontroller 106 to optimally perform the mathematical calculation fromthe timing challenge 128. Thus, when the authentication algorithm 126issues the timing challenge 128 to the supply device 104, it also issuesthe timing challenge 128 to the reference logic 136. The reference logic136 performs the mathematical calculations from the challenge in thesame manner as discussed above with regard to the dedicated hardwarelogic 132 on the supply device 104. In response to the timing challenge128, the reference logic 136 completes the challenge and provides areference response in a reference time. A reference response time windowcan be defined, for example, to be within a certain percent (e.g.,+/−5%, +/−10%) of the reference time. The authentication algorithm 126can then use the reference response and the reference response timewindow as expected values to compare with the challenge response 130 andthe challenge response time 131. If the challenge response 130 matchesthe reference response and the challenge response time 131 falls withinthe reference response time window, the algorithm 126 determines thatthe supply device 104 is an authentic device.

FIG. 3 shows an example of an authentication system 100 embodied as aninkjet printing system 300. In general, the printing system 300comprises the same or similar components as the general authenticationsystem 100, and functions in the same or similar manner regarding theauthentication of replaceable inkjet supply cartridges. In an exampleimplementation, the inkjet printing system 300 includes a print engine302 having a controller 106, a mounting assembly 304, one or morereplaceable supply devices 104 embodied as ink supply cartridges 306,and at least one power supply 308 that provides power to the variouselectrical components of inkjet printing system 300. Printing system 300additionally includes media transport assembly 310.

FIG. 4 shows a perspective view of an example inkjet supply cartridge306 that represents a replaceable supply device 104. In addition to oneor more printheads 312, inkjet cartridge 306 includes a microcontroller112, a group of electrical contacts 400, and an ink (or other fluid)supply chamber 402. In some implementations, cartridge 306 may have asupply chamber 402 that stores one color of ink, and in otherimplementations it may have a number of chambers 402 that each stores adifferent color of ink. Electrical contacts 400 carry electrical signalsfrom controller 106 to nozzles 314 on printhead 312 to cause theejection of fluid drops. Electrical contacts 400 also carry electricalsignals between controller 106 and microcontroller 112 to facilitate theauthentication of the cartridge 306 within the inkjet printing system300. In one example implementation, microcontroller 112 is located on asilicon substrate shared by printhead 312. In another exampleimplementation, microcontroller 112 is located elsewhere on thecartridge 306 as a stand-alone smart card. Microcontroller 112 isanalogous to, and includes the same general components (not all shown inFIG. 4) of, the microcontroller 112 shown in FIG. 1 and discussed above.Thus, microcontroller 112 on cartridge 306 comprises memory 116 anddedicated challenge logic 132, which function in the same general manneras discussed above with regard to the authentication system 100 of FIGS.1 and 2.

Referring to FIGS. 3 and 4, printhead 312 ejects drops of ink or otherfluid through a plurality of orifices or nozzles 314 toward a printmedium 316 so as to print onto print medium 316. Print media 316 can beany type of suitable sheet or roll material, such as paper, card stock,transparencies, Mylar, polyester, plywood, foam board, fabric, canvas,and the like. Printhead 312 can be configured to eject ink throughnozzles 314 in a variety of ways. For example, a thermal inkjetprinthead ejects drops from a nozzle by passing electrical currentthrough a heating element to generate heat and vaporize a small portionof the ink within a firing chamber. The vapor bubble forces a drop ofink through the nozzle 314. In another example, a piezoelectric inkjetprinthead uses a piezoelectric material actuator to generate pressurepulses that force ink drops out of a nozzle. Nozzles 314 are typicallyarranged in one or more columns or arrays along printhead 312 such thatproperly sequenced ejection of ink from nozzles 314 causes characters,symbols, and/or other graphics or images to be printed on print media316 as inkjet cartridge 306 and print media 316 are moved relative toeach other.

Mounting assembly 304 positions inkjet cartridge 306 relative to mediatransport assembly 310, and media transport assembly 310 positions printmedia 316 relative to inkjet cartridge 306. Thus, a print zone 318 isdefined adjacent to nozzles 314 in an area between inkjet cartridge 306and print media 316. In one implementation, print engine 302 is ascanning type print engine 302. As such, mounting assembly 304 includesa carriage for moving inkjet cartridge 306 relative to media transportassembly 310 to scan print media 316. In another implementation, printengine 302 is a non-scanning type print engine 302. As such, mountingassembly 304 fixes inkjet cartridge 306 at a prescribed positionrelative to media transport assembly 310 while media transport assembly310 positions print media 316 relative to inkjet cartridge 306.

As noted above with regard to the authentication system 100 of FIG. 1, acontroller 106 typically includes components of a standard computingsystem such as a processor (CPU) 108, a memory 110, firmware, and otherelectronics. In the inkjet printing system 300 of FIG. 3, controller 106likewise employs such components for controlling the general functionsof the printing system 300 and for communicating with and controllinginkjet cartridge 306, mounting assembly 304, and media transportassembly 310. Accordingly, controller 106 receives data 320 from a hostsystem, such as a computer, and temporarily stores the data 320 in amemory 110. Typically, data 320 is sent to inkjet printing system 300along an electronic, infrared, optical, or other information transferpath. Data 320 represents, for example, a document and/or file to beprinted. As such, data 320 forms a print job for inkjet printing system300 that includes one or more print job commands and/or commandparameters. Using data 320, controller 106 controls inkjet cartridge 306to eject ink drops from nozzles 314. Thus, controller 106 defines apattern of ejected ink drops that form characters, symbols, and/or othergraphics or images on print medium 316. The pattern of ejected ink dropsis determined by the print job commands and/or command parameters fromdata 320.

In addition to managing the general printing functions of inkjetprinting system 300, controller 106 executes an authentication algorithm126 to determine whether an inkjet supply cartridge 306 is an authenticdevice. This authentication process on printing system 300 is similar tothe process described above regarding the general authentication system100 of FIG. 1. FIG. 5 is a flow diagram of an example authenticationprocess 500 on a printing system 300 or other authentication system 100that determines whether a replaceable supply device 104 such as aninkjet supply cartridge 306 is an authentic device. The process 500 isassociated with the example implementations discussed above with regardto FIGS. 1-4, and details of the steps shown in process 500 can be foundin the related discussion of such implementations. The steps of process500 may be embodied as an algorithm comprising programming instructionsstored on a non-transitory computer/processor-readable medium, such asmemory 110 of FIGS. 1 and 3. In different examples, the implementationof the steps of process 500 is achieved by the reading and execution ofsuch programming instructions by a processor, such as processor 108 ofFIGS. 1 and 3. The process 500 may include more than one implementation,and different implementations of process 500 may not employ every steppresented in the flow diagram of FIG. 5. Therefore, while steps ofprocess 500 are presented in a particular order within the flow diagram,the order of their presentation is not intended to be a limitation as tothe order in which the steps may actually be implemented, or as towhether all of the steps may be implemented. For example, oneimplementation of process 500 might be achieved through the performanceof a number of initial steps, without performing one or more subsequentsteps, while another implementation of process 500 might be achievedthrough the performance of all of the steps.

Referring now primarily to FIGS. 1, 3, and 5, an authentication process500 begins at block 502, where the first step shown is to recognize areplaceable supply device. Recognizing a replaceable supply devicetypically occurs on power up of a host device or the insertion of a newsupply device into a host device, such as when a printing system isturned on or when an ink or toner print supply cartridge is replaced ina printing system. The replaceable supply device can also be recognizedwhen the supply device is powered up at the beginning of each print job.The authentication process 500 continues at block 504, where acryptographic timing challenge is issued. The timing challenge is issuedfrom a host device such as a printing device and sent to a supply devicesuch as a print supply cartridge. The timing challenge comprises arequest to perform a specific mathematical calculation involving certainchallenge parameters that include a session key derived between a hostdevice and a supply device, a random seed number generated by the hostdevice, and a calculation count or cycle that indicates the number oftimes the calculation is to be performed. Upon issuing the timingchallenge, the host device may begin a timing sequence to monitor theamount of time it takes to receive a challenge response, as shown atblock 506.

In some implementations the timing challenge may also be sent toreference logic on the host device, as shown at block 508. When thetiming challenge is sent to reference logic on the host device, areference response is received from the logic in a certain amount ofelapsed reference time, as shown at block 510. At block 512, a referencetime window may be determined by including a range around the referencetime of a certain percent. For example, a reference time window may bedetermined to be the reference time, plus or minus 5% of the referencetime. In some implementations, as an alternative to sending the timingchallenge to reference logic on the host device, the host deviceretrieves and accesses characterization data stored on the supplydevice, as shown at block 514. In another implementation, thecharacterization data may be hard-coded into a memory of the hostdevice. The characterization data includes expected time windows forreceiving a challenge response from the supply device that areassociated with different calculation count values.

As shown at block 516, the authentication process 500 includes receivinga challenge response from the supply device. The challenge response isreceived in a certain challenge response time that can be determined,for example, by a time measurement on the host device. The process 500continues at block 518 with comparing the challenge response to anexpected response. The expected response can be the reference responsereceived from the reference logic on the host device. At block 520, thechallenge response time is also compared to an expected response timewindow to determine if the challenge response time falls within theexpected time window. The expected time window can be the reference timewindow or an expected time window retrieved from the characterizationdata stored on the supply device or elsewhere.

The authentication process 500 continues at block 522 with the hostdevice authenticating the supply device when the challenge response fromthe supply device matches an expected value and the challenge responsetime falls within an expected time window. At block 524 of process 500,the host device determines that the supply device is not authentic wheneither the challenge response does not match an expected value, or thechallenge response time falls outside an expected time window, or both.

What is claimed is:
 1. A print supply cartridge comprising: a fluidsupply chamber; a Central Processing Unit (CPU); a dedicated logiccircuit, the circuit in communication with the CPU to respond to acryptographic timing challenge; and memory including: a calculationcount, a base key, and characterization data that includes at least onereference response time window in which the dedicated logic circuit isto produce a timing response value, the at least one reference responsetime window based on the calculation count; the CPU structured toperform operations including: responding to a timing challenge from ahost device, deriving a session key for each communication session withthe host device, and communicating with the dedicated logic circuit; thededicated logic circuit to perform operations including: calculating thetiming response value based on parameters including the calculationcount and the session key, providing the timing response value within apredetermined time window, the predetermined time window being withinthe at least one reference response time window; and performing amathematical function that defines a sequence of operations to calculatethe timing response value based on the calculation count and the sessionkey.
 2. The print supply cartridge of claim 1, further including adigital signature to secure the characterization data in the memory. 3.The print supply cartridge of claim 1, wherein the parameters forcalculating the timing response further include a random seed.
 4. Theprint supply cartridge of claim 3, wherein the dedicated logic circuitis to perform a challenge calculation of the mathematical function anumber of times based on the calculation count to produce the timingresponse value, a first output of a first challenge calculation based onthe random seed and session key, and respective subsequent outputs ofrespective subsequent challenge calculations based on respective outputsof respective preceding calculations.
 5. The print supply cartridge ofclaim 4, wherein an output of a last challenge calculation is the timingresponse value within a calculated challenge response time correspondingto the predetermined time window.
 6. The print supply cartridge of claim1, wherein the dedicated logic circuit is to perform the mathematicalfunction such that the reference response time window (y) and thecalculation count (x) are related by a slope-intercept formula (y=mx+b).7. The print supply cartridge of claim 1, wherein the dedicated logiccircuit is structured to perform the same mathematical function multipletimes to obtain the timing response value, a number of times themathematical function iterates is based on the calculation count.
 8. Aprint supply cartridge comprising: a fluid supply chamber; a CentralProcessing Unit (CPU) to execute instructions; a dedicated logiccircuit, the circuit in communication with the CPU and includinghardware logic components that physically encode logical functionsincluding a mathematical calculation, wherein the logical functions areto be performed by the dedicated logic circuit under control of the CPUwith input from the CPU in response to a cryptographic timing challenge;and a non-transitory memory device in communication with the CPU, thememory device including: data for use when the CPU executes theinstructions, the data including a calculation count and a base key, andcharacterization data that includes at least one reference response timewindow in which the dedicated logic circuit is to produce a timingresponse value depending on the calculation count; the instructions,when executed by the CPU, cause the CPU to perform operations includingreceiving a cryptographic timing challenge from a host device andcommunicating with the dedicated logic circuit to prepare a response tothe received cryptographic timing challenge; the logic circuit, whenoperated by the CPU, is to perform operations including: calculating thetiming response value with the mathematical calculation and based onparameters including the calculation count and a session key, andproviding the timing response value within a predetermined time window,wherein the predetermined time window is based on the calculation count.